2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
6 * @file security_server_tests_cookie_api.cpp
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
9 * @brief Test cases for security server cookie api
14 Tested API functions in this file:
16 Protected by "security-server::api-cookie-get" label:
17 int security_server_get_cookie_size(void);
18 int security_server_request_cookie(char *cookie, size_t bufferSize);
21 Protected by "security-server::api-cookie-check" label:
22 int security_server_check_privilege(const char *cookie, gid_t privilege);
23 int security_server_check_privilege_by_cookie(const char *cookie,
25 const char *access_rights);
26 int security_server_get_cookie_pid(const char *cookie);
27 char *security_server_get_smacklabel_cookie(const char *cookie);
28 int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
29 int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
32 #include <dpl/test/test_runner.h>
33 #include <dpl/test/test_runner_multiprocess.h>
34 #include <tests_common.h>
35 #include <sys/smack.h>
37 #include <sys/types.h>
40 #include <access_provider.h>
41 #include <security-server.h>
42 #include <smack_access.h>
45 typedef std::unique_ptr<char, void(*)(void *)> UniquePtrCstring;
46 const int KNOWN_COOKIE_SIZE = 20;
47 typedef std::vector<char> Cookie;
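/**
 * Requests a cookie from the security server and returns it in a buffer
 * sized by security_server_get_cookie_size().
 *
 * @param tracker  call-site trace prepended to the assertion messages
 * @return the buffer filled in by security_server_request_cookie()
 *
 * Fails the running test through RUNNER_ASSERT_MSG when the size query
 * yields no usable size or the cookie request does not succeed.
 */
Cookie getCookieFromSS(const Tracker &tracker = Tracker()) {
    // The size is returned as int. A non-positive value converted to the
    // vector's size_type would request a zero-length or enormous buffer,
    // so reject it before allocating.
    const int cookieSize = security_server_get_cookie_size();
    RUNNER_ASSERT_MSG(cookieSize > 0,
                      tracker.str() << " Error in security_server_get_cookie_size(): "
                      << cookieSize);

    Cookie cookie(cookieSize);

    RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS ==
                      security_server_request_cookie(cookie.data(), cookie.size()),
                      tracker.str() << " Error in security_server_request_cookie.");

    return cookie;
}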
59 RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
62 * **************************************************************************
63 * Test cases that check various input parameter cases of the functions
64 * **************************************************************************
67 //---------------------------------------------------------------------------
68 //passing NULL as a buffer pointer
69 RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
71 int ret = security_server_request_cookie(NULL, KNOWN_COOKIE_SIZE);
72 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
73 "Error in security_server_request_cookie() argument checking: " << ret);
76 //passing too small value as a buffer size
77 RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
79 Cookie cookie(KNOWN_COOKIE_SIZE);
81 int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
82 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
83 "Error in security_server_request_cookie() argument checking: " << ret);
86 //---------------------------------------------------------------------------
87 //passing NULL as a cookie pointer
88 RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
90 int ret = security_server_check_privilege(NULL, 0);
91 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
92 "Error in security_server_check_privilege() argument checking: " << ret);
95 //---------------------------------------------------------------------------
96 //passing NULL as a cookie pointer
97 RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
99 int ret = security_server_check_privilege_by_cookie(NULL, "wiadro", "rwx");
100 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
101 "Error in security_server_check_privilege_by_cookie() argument checking: "
105 //passing NULL as an object pointer
106 RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
108 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
110 int ret = security_server_check_privilege_by_cookie(cookie.data(), NULL, "rwx");
111 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
112 "Error in security_server_check_privilege_by_cookie() argument checking: "
116 //passing NULL as an access pointer
117 RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
119 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
121 int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", NULL);
122 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
123 "Error in security_server_check_privilege_by_cookie() argument checking: "
127 //---------------------------------------------------------------------------
128 //passing NULL as a cookie pointer
129 RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
131 int ret = security_server_get_cookie_pid(NULL);
132 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
133 "Error in security_server_get_cookie_pid() argument checking: " << ret);
136 //---------------------------------------------------------------------------
137 //passing NULL as a cookie pointer
138 RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
141 label = security_server_get_smacklabel_cookie(NULL);
142 RUNNER_ASSERT_MSG(label == NULL,
143 "Error in security_server_get_smacklabel_cookie() argument checking");
146 //---------------------------------------------------------------------------
147 //passing NULL as a cookie pointer
148 RUNNER_CHILD_TEST(tc_arguments_06_01_security_server_get_uid_by_cookie)
151 int ret = security_server_get_uid_by_cookie(NULL, &uid);
152 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
153 "Error in security_server_get_uid_by_cookie() argument checking: "
157 //passing NULL as a uid pointer
158 RUNNER_CHILD_TEST(tc_arguments_06_02_security_server_get_uid_by_cookie)
160 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
162 int ret = security_server_get_uid_by_cookie(cookie.data(), NULL);
163 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
164 "Error in security_server_get_uid_by_cookie() argument checking: "
168 //---------------------------------------------------------------------------
169 //passing NULL as a cookie pointer
170 RUNNER_CHILD_TEST(tc_arguments_07_01_security_server_get_gid_by_cookie)
173 int ret = security_server_get_gid_by_cookie(NULL, &gid);
174 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
175 "Error in security_server_get_gid_by_cookie() argument checking: "
179 //passing NULL as a gid pointer
180 RUNNER_CHILD_TEST(tc_arguments_07_02_security_server_get_gid_by_cookie)
182 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
184 int ret = security_server_get_gid_by_cookie(cookie.data(), NULL);
185 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
186 "Error in security_server_get_gid_by_cookie() argument checking: "
193 * **************************************************************************
194 * Unit tests for each function from API
195 * **************************************************************************
198 //---------------------------------------------------------------------------
199 //root has access to API
200 RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
202 int ret = security_server_get_cookie_size();
203 RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
204 "Error in security_server_get_cookie_size(): " << ret);
207 //---------------------------------------------------------------------------
208 // security_server_get_cookie_size() is no longer protected by SMACK
209 RUNNER_CHILD_TEST(tc_unit_01_02_security_server_get_cookie_size)
211 SecurityServer::AccessProvider provider("selflabel_01_02");
212 provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
214 int ret = security_server_get_cookie_size();
215 RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
216 "Error in security_server_get_cookie_size(): " << ret);
219 //---------------------------------------------------------------------------
220 //root has access to API
221 RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
223 int cookieSize = security_server_get_cookie_size();
224 RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
225 "Error in security_server_get_cookie_size(): " << cookieSize);
227 Cookie cookie(cookieSize);
228 int ret = security_server_request_cookie(cookie.data(), cookie.size());
229 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
230 "Error in security_server_request_cookie(): " << ret);
233 //---------------------------------------------------------------------------
234 //root has access to API
235 RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
237 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
239 int ret = security_server_check_privilege(cookie.data(), 0);
240 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
241 "Error in security_server_check_privilege(): " << ret);
244 //privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_security_server_check_privilege)
{
    // The cookie is requested first, before the provider switches the
    // process to APP_UID/APP_GID under the test label.
    Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);

    // No allowFunction() call: the label gets no rule for the checked API,
    // which is the negative half of the 03_02 / 03_03 pair.
    SecurityServer::AccessProvider provider("selflabel_03_02");
    provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);

    const int status = security_server_check_privilege(cookie.data(), 0);
    RUNNER_ASSERT_MSG(status == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
                      "Error in security_server_check_privilege(): " << status);
}
257 //privileges drop and added smack rule
258 RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_security_server_check_privilege)
260 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
262 SecurityServer::AccessProvider provider("selflabel_03_03");
263 provider.allowFunction("security_server_check_privilege", TRACE_FROM_HERE);
264 provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
266 int ret = security_server_check_privilege(cookie.data(), 0);
267 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
268 "Error in security_server_check_privilege(): " << ret);
271 //---------------------------------------------------------------------------
272 //root has access to API
273 RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
275 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
277 int ret = security_server_get_cookie_pid(cookie.data());
278 RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
281 RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
284 //privileges drop and no smack rule
285 RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_security_server_get_cookie_pid)
287 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
289 SecurityServer::AccessProvider provider("selflabel_05_02");
290 provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
292 int ret = security_server_get_cookie_pid(cookie.data());
293 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
294 "Error in security_server_get_cookie_pid(): " << ret);
297 //privileges drop and added smack rule
298 RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_security_server_get_cookie_pid)
300 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
302 SecurityServer::AccessProvider provider("selflabel_05_03");
303 provider.allowFunction("security_server_get_cookie_pid", TRACE_FROM_HERE);
304 provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
306 int ret = security_server_get_cookie_pid(cookie.data());
307 RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
310 RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
313 //---------------------------------------------------------------------------
314 //root has access to API
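RUNNER_CHILD_TEST(tc_unit_06_01_security_server_get_smacklabel_cookie)
{
    // Label the process first so the cookie requested below belongs to a
    // subject whose label the test knows.
    setLabelForSelf(__LINE__, "selflabel_06_01");

    Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);

    // The returned string is released with free() by the smart pointer.
    UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);

    // security_server_get_smacklabel_cookie() reports failure by returning
    // NULL (the argument and access-denied tests in this file rely on that).
    // Assert on it before strcmp() so a failure is reported as a test failure
    // instead of a NULL dereference in the child process.
    RUNNER_ASSERT_MSG(label.get() != NULL,
                      "Error in security_server_get_smacklabel_cookie(): NULL received");
    RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
                      "No match in smack label received from cookie, received label: "
                      << label.get());
}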
327 //privileges drop and no smack rule
328 RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_security_server_get_smacklabel_cookie)
330 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
332 SecurityServer::AccessProvider provider("selflabel_06_02");
333 provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
335 UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);
336 RUNNER_ASSERT_MSG(label.get() == NULL,
337 "NULL should be received due to access denied, received label: "
341 //privileges drop and added smack rule
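RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_security_server_get_smacklabel_cookie)
{
    // Positive half of the pair: the label is granted a rule for the API
    // before the process switches to APP_UID/APP_GID.
    SecurityServer::AccessProvider provider("selflabel_06_03");
    provider.allowFunction("security_server_get_smacklabel_cookie", TRACE_FROM_HERE);
    provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);

    // Requested after the switch, so the label expected back is the
    // provider's label.
    Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);

    UniquePtrCstring label(security_server_get_smacklabel_cookie(cookie.data()), free);

    // NULL is the API's failure value; check it before strcmp() so a denied
    // or failed call fails the test cleanly rather than crashing the child.
    RUNNER_ASSERT_MSG(label.get() != NULL,
                      "Error in security_server_get_smacklabel_cookie(): NULL received");
    RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
                      "No match in smack label received from cookie, received label: "
                      << label.get());
}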
356 //---------------------------------------------------------------------------
357 //root has access to API
358 RUNNER_CHILD_TEST(tc_unit_07_01_security_server_get_uid_by_cookie)
360 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
363 int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
364 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
365 "Error in security_server_get_uid_by_cookie(): " << ret);
367 RUNNER_ASSERT_MSG(ret == (int)uid, "No match in UID received from cookie");
370 //privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_07_02_security_server_get_uid_by_cookie)
{
    // No allowFunction() call: the label carries no rule for the API.
    SecurityServer::AccessProvider provider("selflabel_07_02");
    provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);

    // A zero-filled buffer of cookie size, not a cookie issued by the server.
    // NOTE(review): the ACCESS_DENIED expectation therefore relies on the
    // access check being made before the cookie is looked up; confirm
    // against the server implementation.
    Cookie blankCookie(KNOWN_COOKIE_SIZE);
    uid_t receivedUid;

    const int status = security_server_get_uid_by_cookie(blankCookie.data(), &receivedUid);
    RUNNER_ASSERT_MSG(status == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
                      "Error in security_server_get_uid_by_cookie(): " << status);
}
384 //privileges drop and added smack rule
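RUNNER_CHILD_TEST_SMACK(tc_unit_07_03_security_server_get_uid_by_cookie)
{
    // The label used to be "selflabel_07_02", the one the preceding
    // access-denied test runs under; every other test in this file uses a
    // label matching its own id. A distinct label keeps the rule granted
    // here from applying to that test's subject label.
    // NOTE(review): whether rules outlive a test depends on AccessProvider
    // cleanup, which is not visible here.
    SecurityServer::AccessProvider provider("selflabel_07_03");
    provider.allowFunction("security_server_get_uid_by_cookie", TRACE_FROM_HERE);
    provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);

    // Requested after the switch to APP_UID/APP_GID.
    Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);

    uid_t uid;

    int ret = security_server_get_uid_by_cookie(cookie.data(), &uid);
    RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
                      "Error in security_server_get_uid_by_cookie(): " << ret);

    // The UID reported for the cookie must be the caller's own UID.
    ret = getuid();
    RUNNER_ASSERT_MSG(ret == (int)uid, "No match in UID received from cookie");
}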
401 //---------------------------------------------------------------------------
402 //root has access to API
403 RUNNER_CHILD_TEST(tc_unit_08_01_security_server_get_gid_by_cookie)
405 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
409 int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
410 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
411 "Error in security_server_get_gid_by_cookie(): " << ret);
413 RUNNER_ASSERT_MSG(ret == (int)gid, "No match in GID received from cookie");
416 //privileges drop and no smack rule
RUNNER_CHILD_TEST_SMACK(tc_unit_08_02_security_server_get_gid_by_cookie)
{
    // No allowFunction() call: the label carries no rule for the API.
    SecurityServer::AccessProvider provider("selflabel_08_02");
    provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);

    // A zero-filled buffer of cookie size, not a cookie issued by the server.
    // NOTE(review): the ACCESS_DENIED expectation therefore relies on the
    // access check being made before the cookie is looked up; confirm
    // against the server implementation.
    Cookie blankCookie(KNOWN_COOKIE_SIZE);
    gid_t receivedGid;

    const int status = security_server_get_gid_by_cookie(blankCookie.data(), &receivedGid);
    RUNNER_ASSERT_MSG(status == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
                      "Error in security_server_get_gid_by_cookie(): " << status);
}
430 //privileges drop and added smack rule
431 RUNNER_CHILD_TEST_SMACK(tc_unit_08_03_security_server_get_gid_by_cookie)
433 SecurityServer::AccessProvider provider("selflabel_08_03");
434 provider.allowFunction("security_server_get_gid_by_cookie", TRACE_FROM_HERE);
435 provider.applyAndSwithToUser(APP_UID, APP_GID, TRACE_FROM_HERE);
437 Cookie cookie = getCookieFromSS(TRACE_FROM_HERE);
440 int ret = security_server_get_gid_by_cookie(cookie.data(), &gid);
441 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
442 "Error in security_server_get_gid_by_cookie(): " << ret);
444 RUNNER_ASSERT_MSG(ret == (int)gid, "No match in GID received from cookie");